Security in biometric systems

TL;DR

This paper reviews security challenges in biometric systems, discussing various attack types, protection measures, and the specific vulnerabilities of fingerprint, face, and iris recognition technologies.

Contribution

It provides a comprehensive overview of attack methodologies and defense strategies for biometric systems, including side channel attacks and their potential combinations.

Findings

Overview of basic attack types and protections

Analysis of vulnerabilities in fingerprint, face, and iris recognition

Discussion of side channel attacks and combined attack strategies

Abstract

The objective of biometric systems is to provide an identification mechanism. This identification mechanism can be used to fulfil several objectives. The most common, related to providing security to a resource, is usually authentication or detection of authorized personnel and detection of unauthorized personnel. From the technical point of view, these two objectives can be included in a single point since most functionalities are achieved by making searches of people previously identified in the database of the system in question. In the first case access is given to people entered in the database and in the second case access is given to people who are not entered in the database. Although these are the two most common attacks there are also others that we will discuss in this chapter. The structure of the chapter is as follows. The first part of the chapter gives an overview of the basic types of attacks and describes the usual protection measures (Sections 1, 2 and 3). The second part of the chapter describes several attacks that can be made on systems based on fingerprinting, face recognition, and iris recognition (Sections 4 and 5). Once the attack methodologies have been described, some specific protection measures are also discussed (Sections 4 and 5). Finally, side channel attacks and their usefulness in combination with other possible attacks are described (Section 6).